securityonion

mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-05-09 04:42:40 +02:00

Files

T

Mike Reeves a149ea7e8f Skip per-minion pillar fan-out when cred is already in place

Every postgres.auth run was rewriting every minion pillar file via
two so-yaml.py replace calls, even when nothing had changed. Passwords
are only generated on first encounter (see the `if key not in
telegraf_users` guard) and never rotate, so re-writing the same values
on every apply is wasted work and noisy state output.

Add an `unless:` check that compares the already-written
postgres.telegraf.user to the one we'd set. If they match, skip the
fan-out entirely. On first apply for a new minion the key isn't there,
so the replace runs; on subsequent applies it's a no-op.

2026-04-21 09:59:46 -04:00

files

Use TELEGRAFMERGED for telegraf.output and de-jinja pg_hba.conf

2026-04-20 16:06:01 -04:00

tools/sbin

Move postgres backup script and cron to the postgres states

2026-04-21 09:42:41 -04:00

auth.sls

Skip per-minion pillar fan-out when cred is already in place

2026-04-21 09:59:46 -04:00

config.sls

Tidy config.sls makedirs and postgres helpLinks